Red Hat Bugzilla – Bug 831876
CVE-2012-2698 mediawiki: XSS flaw in the uselang http parameter
Last modified: 2016-03-04 06:27:11 EST
Mediawiki 1.17.5, 1.18.4, and 1.19.1 were released today to fix a XSS vulnerability in the useland http parameter .
While 1.16.x isn't explicitly mentioned (and is what is currently shipping in Fedora), the liklihood of it being affected is high. It is also really old and out-of-date, so it might be prudent to update to one of the supported versions.
Created mediawiki tracking bugs for this issue
Affects: fedora-all [bug 831879]
Created mediawiki116 tracking bugs for this issue
Affects: epel-all [bug 831880]
Added CVE as per http://www.openwall.com/lists/oss-security/2012/06/14/2